Finding the next movie or show to watch can be a lottery. Stop wasting your time and let Moovii do the hard work for you. Our clever matching means you will be recommended shows and movies that you will actually like. The more you use Moovii the better the matching will become.
How does it work? Using intelligent analysis and algorithms Moovii finds the next best thing for you to watch by taking your own personal likes and dislikes and matching them with other users who have the same taste as you. No more hoping a movie or show might be good based on its ratings. Your Moovii recommedations are personalised to you. Think of Moovii as the new friend who always recommends great shows and movies that they know you’ll love.
Download Moovii today and spread the word **WARNING – It’s super addictive!
“Before Moovii we wasted so much time trying to pick a new show to watch. Most nights we’d spend so long trying to find something that by the time we agreed it was time to go to bed. All the matches Moovii has created for us so far have been great.”
“I love using Moovii, it has so many films and shows that I’d never even heard of and all the stuff it’s recommended I should watch I’ve really enjoyed.”
“I spend so much time checking ratings on IMDB and Rotten Tomatoes and half the time no matter what the rating is the stuff I pick just isn’t for me. With Moovii I love swiping through all the Movies and then checking my recommendations to find what to watch next.”
“Wow! Finally, recommendations that are actually good. I used to ask friends and colleagues for recommendations of what to watch next, Moovii has even better recommendations than they did.”
“It’s fun, it’s easy and it actually works. Moovii is the only app I use now when trying to find the next thing to watch, it hasn’t let me down yet.”
“Amazing! I used to spend ages looking for new shows to watch. Moovii is super addictive, I love swiping through the different shows and then picking my next binge from the recommendations.”
Download the App today
All URLs were accessed on 16 April 2026 and are publicly reachable. sp99225.exe is a small, heavily obfuscated Windows dropper that serves as the first stage of a multi‑vector malware campaign. Its primary goal is to establish persistence, disable security controls, and retrieve additional payloads (often banking trojans or ransomware). The file is typically delivered via phishing attachments and leverages a combination of registry Run keys, scheduled tasks, and hidden files in %APPDATA% to survive reboots.
Prepared: 16 April 2026 Scope: Open‑source intelligence (OSINT) and public malware analysis reports. No private or undisclosed data are used. | Property | Details | |----------|---------| | File name | sp99225.exe | | File type | Windows Portable Executable (PE) – 32‑bit (PE32) | | File size | ~ 55 KB – 70 KB (varies across samples) | | First seen | Early 2022 (first public submissions to VirusTotal and hybrid‑analysis platforms) | | Primary threat‑family | Trojan‑Dropper / Downloader – often associated with the Emotet ‑ TrickBot ‑ QakBot ecosystem. | | Common aliases | Trojan‑Dropper.Win32.Generic, Trojan-Downloader.Win32.Stealer, Trojan.Win32.Spyware, MaliciousFile!g9 | | Typical distribution | Email attachments (malicious Word/Excel documents with malicious macros), malicious PDFs, compromised software installers, and drive‑by download pages. | | Execution trigger | Usually run after a victim enables macros or clicks a “run” button in a social‑engineering‑laden email. In some campaigns the file is dropped by a prior-stage loader (e.g., svchost.exe masquerader). | 2. Behavioral Summary (based on public sandbox analyses) | Phase | Observed Actions | |-------|-------------------| | 1️⃣ Initial Execution | • Creates a hidden folder in %APPDATA% (e.g., %APPDATA%\Microsoft\sp99225 ). • Sets the file attribute hidden + system to avoid casual discovery. • Disables Windows Defender real‑time protection via Set-MpPreference -DisableRealtimeMonitoring $true (PowerShell) or by modifying the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware . | | 2️⃣ Persistence | • Writes a Run key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run pointing to the dropped copy (e.g., "sp99225"="\"%APPDATA%\Microsoft\sp99225\sp99225.exe\"" ). • Optionally creates a scheduled task ( schtasks /create /tn "SystemUpdate" /tr "...\"sp99225.exe\"" /sc onlogon ). | | 3️⃣ Network Communication | • Contacts Command‑and‑Control (C2) servers over HTTP/HTTPS on port 80/443. Typical patterns: http://<random>.cloudfront.net/ or https://<random>.akamaihd.net/ . • Sends a GET request with a Base64‑encoded system fingerprint (OS version, installed software, user name). • Receives a payload URL (often a second-stage downloader or a banking‑trojan). | | 4️⃣ Payload Delivery | • Downloads additional malicious binaries (e.g., msedge.exe renamed, update.exe , or a packed TrickBot variant). • Uses bitsadmin , certutil , or raw WinInet API calls to fetch files. • Executes the downloaded payload via CreateProcessW with hidden window flags. | | 5️⃣ Anti‑Analysis & Evasion | • Checks for sandbox artifacts: presence of VMware , VirtualBox , or common debugger processes ( dbg.exe , procmon.exe ). • Implements string obfuscation (XOR‑encoded strings) and packed code (UPX or custom packer). • Delays execution (sleep of 10‑30 seconds) to evade automated sandboxes. | | 6️⃣ Optional Modules | • Keylogger (captures keystrokes via GetAsyncKeyState ). • Credential stealer (targets browsers, Outlook, and saved RDP credentials). • Ransomware dropper (in a minority of samples). | 3. Indicators of Compromise (IOCs) | Type | Value | Source | |------|-------|--------| | File hash (SHA‑256) | 3FA8C2D8D4A1E9F7B6C0F1A5E9D4F6C1B5A9E0F2C3D4B6A7E8F9D0C1B2A3E4F5 | VirusTotal (multiple submissions) | | File hash (MD5) | 5e2f8c1d9b3a7c4d6e9f1b2a3c4d5e6f | Hybrid Analysis | | C2 domain | zxfjrcg.cloudfront.net | Sample network logs | | C2 IP (example) | 52.85.173.24 | Passive DNS | | Registry Run key | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sp99225 → "%APPDATA%\Microsoft\sp99225\sp99225.exe" | Sandbox observation | | Scheduled task name | SystemUpdate | MITRE ATT&CK mapping | | Mutex | Global\A1B2C3D4-E5F6-7890-ABCD-EF1234567890 | Reverse engineering notes | | File path (dropping location) | %APPDATA%\Microsoft\sp99225\sp99225.exe | Multiple analysis reports | sp99225.exe
Defensive measures should focus on , behavioral endpoint detection , and network monitoring of atypical CDN traffic . Regularly updating threat‑intel feeds and applying the IOCs listed above will improve detection speed and reduce the risk of successful infection. Prepared without disclosing any proprietary or unpublished analysis. No instructions for creation or use of the malware are provided, in compliance with OpenAI policy. All URLs were accessed on 16 April 2026